From: Dmitry Vyukov
Date: Mon, 30 Oct 2023 07:29:10 +0100
Subject: Re: [RFC] mm/kasan: Add Allocation, Free, Error timestamps to KASAN report
To: Juntong Deng
Cc: Andrey Konovalov, ryabinin.a.a@gmail.com, glider@google.com, vincenzo.frascino@arm.com, akpm@linux-foundation.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kernel-mentees@lists.linuxfoundation.org

On Sun, 29 Oct 2023 at 10:05, Juntong Deng wrote:
>
> On 2023/10/26 3:22, Andrey Konovalov wrote:
> > On Tue, Oct 17, 2023 at 9:40 PM Juntong Deng wrote:
> >>
> >> The idea came from the bug I was fixing recently,
> >> 'KASAN: slab-use-after-free Read in tls_encrypt_done'.
> >>
> >> This bug is caused by subtle race condition, where the data structure
> >> is freed early on another CPU, resulting in use-after-free.
> >>
> >> Like this bug, some of the use-after-free bugs are caused by race
> >> condition, but it is not easy to quickly conclude that the cause of the
> >> use-after-free is race condition if only looking at the stack trace.
> >>
> >> I did not think this use-after-free was caused by race condition at the
> >> beginning, it took me some time to read the source code carefully and
> >> think about it to determine that it was caused by race condition.
> >>
> >> By adding timestamps for Allocation, Free, and Error to the KASAN
> >> report, it will be much easier to determine if use-after-free is
> >> caused by race condition.
> >
> > An alternative would be to add the CPU number to the alloc/free stack
> > traces. Something like:
> >
> > Allocated by task 42 on CPU 2:
> > (stack trace)
> >
> > The bad access stack trace already prints the CPU number.
>
> Yes, that is a great idea and the CPU number would help a lot.
>
> But I think the CPU number cannot completely replace the free timestamp,
> because some freeing really should be done at another CPU.
>
> We need the free timestamp to help us distinguish whether it was freed
> a long time ago or whether it was caused to be freed during the
> current operation.
>
> I think both the CPU number and the timestamp should be displayed, more
> information would help us find the real cause of the error faster.
>
> Should I implement these features?

Hi Juntong,

There is also an aspect of memory consumption. KASAN headers increase
the size of every heap object. So we tried to keep them as compact as
possible. At some point CPU numbers and timestamps (IIRC) were already
part of the header, but we removed them to shrink the header to 16
bytes.

PID gives a good approximation of potential races. I usually look at
PIDs to understand if it's a "plain old single-threaded
use-after-free", or free and access happened in different threads.

Re timestamps, I see you referenced a syzbot report. With syzkaller
most timestamps will be very close even for non-racing case.
So if this is added, this should be added at least under a separate config.

If you are looking for potential KASAN improvements, here is a good list:
https://bugzilla.kernel.org/buglist.cgi?bug_status=__open__&component=Sanitizers&list_id=1134168&product=Memory%20Management
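
The PID comparison described in the reply above can be scripted for report triage. This is an added example, not part of the original message or of the kernel tree. The report excerpts are constructed, and the function name `triage` and its verdict strings are assumptions made for illustration.

```python
import re

# Constructed KASAN report excerpts (not from a real crash); the task name,
# PIDs, address and symbols are made up for illustration.
SAME_TASK = """\
BUG: KASAN: slab-use-after-free in example_fn+0x1a/0x40
Read of size 8 at addr ffff888012345678 by task demo/4242

Allocated by task 4242:
 kmalloc+0x0/0x0

Freed by task 4242:
 kfree+0x0/0x0
"""
CROSS_TASK = SAME_TASK.replace("Freed by task 4242", "Freed by task 17")

# Task names may contain '/', so the PID is whatever follows the last slash.
ACCESS_RE = re.compile(
    r"^(?:Read|Write) of size \d+ at addr \S+ by task .+/(\d+)\s*$", re.M)
TRACK_RE = re.compile(r"^(Allocated|Freed) by task (\d+)", re.M)


def triage(report: str) -> dict:
    """Extract the access/alloc/free PIDs and compare free PID to access PID."""
    access = ACCESS_RE.search(report)
    if access is None:
        raise ValueError("no KASAN access line found")
    pids = {"access": int(access.group(1)), "alloc": None, "free": None}
    for kind, pid in TRACK_RE.findall(report):
        pids["alloc" if kind == "Allocated" else "free"] = int(pid)
    if pids["free"] is None:
        verdict = "no-free-track"   # not a use-after-free, or free track missing
    elif pids["free"] == pids["access"]:
        verdict = "same-task"       # free and access happened in one task
    else:
        verdict = "cross-task"      # different tasks: review locking/refcounting
    return {**pids, "verdict": verdict}


if __name__ == "__main__":
    for name, rep in (("same", SAME_TASK), ("cross", CROSS_TASK)):
        print(name, triage(rep))
```

As the reply says, the PID is only an approximation: a matching PID does not rule out a free performed from interrupt context while that task was running.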